[ovirt-users] AAA/ldap/3.6 Issues - WARNING [ovirt-engine-extension-aaa-ldap.authn::LDAP-authn] Cannot initialize LDAP framework, deferring initialization.

Ondra Machacek omachace at redhat.com
Fri Jan 15 09:27:24 UTC 2016


Hi,

if I read your logs correctly then you are using IPv6 and no IPv4, right?
ovirt-engine-extension-aaa-ldap-setup was designed to be easy
and support only very basic setups, so there is no support to properly 
configure it.

If the above is true, you have two options, which should help you.
1)
Do what you did below, and apply the configuration, then add to file:
/etc/ovirt-engine/aaa/ldap-test-server.properties
this line:
pool.default.socketfactory.resolver.supportIPv6 = true

2)
In question: "Use DNS (Yes, No) [Yes]:"
answer "no"

Hope it will help you,
Ondra

On 01/15/2016 05:50 AM, David LeVene wrote:
> Hey,
>
> I’m running into an issue which I’m not sure where to go from here. I’m
> trying to use LDAP authentication and am following the setup guide from
> here
>
> https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD
>
> I have tested the ldap credentials manually using ldapsearch, and I get
> results as expected with the user I’m binding with - but when I use
> ovirt I run into problems.
>
> I hope someone can provide me some guidance, or other things to try!
>
> DNS resolves;
>
> Can manually do  ldap lookups using ldapsearch
>
> Can telnet to hostname 389 successfully
>
> Below are the steps taken;
>
> # ovirt-engine-extension-aaa-ldap-setup
>
> [ INFO  ] Stage: Initializing
>
> [ INFO  ] Stage: Environment setup
>
>            Configuration files:
> ['/etc/ovirt-engine-extension-aaa-ldap-setup.conf.d/10-packaging.conf']
>
>            Log file:
> /tmp/ovirt-engine-extension-aaa-ldap-setup-20160115151231-o0d7hp.log
>
>            Version: otopi-1.4.0 (otopi-1.4.0-1.el7.centos)
>
> [ INFO  ] Stage: Environment packages setup
>
> [ INFO  ] Stage: Programs detection
>
> [ INFO  ] Stage: Environment customization
>
>            Welcome to LDAP extension configuration program
>
>            Please specify profile name that will be visible to users: LDAP
>
>            Available LDAP implementations:
>
>             1 - 389ds
>
>             2 - 389ds RFC-2307 Schema
>
>             3 - Active Directory
>
>             4 - IPA
>
>             5 - Novell eDirectory RFC-2307 Schema
>
>             6 - OpenLDAP RFC-2307 Schema
>
>             7 - OpenLDAP Standard Schema
>
>             8 - Oracle Unified Directory RFC-2307 Schema
>
>             9 - RFC-2307 Schema (Generic)
>
>            10 - RHDS
>
>            11 - RHDS RFC-2307 Schema
>
>            12 - iPlanet
>
>            Please select: 1
>
>            NOTE:
>
>            It is highly recommended to use DNS resolution for LDAP server.
>
>            If for some reason you intend to use hosts or plain address
> disable DNS usage.
>
>            Use DNS (Yes, No) [Yes]:
>
>            Available policy method:
>
>             1 - Single server
>
>             2 - DNS domain LDAP SRV record
>
>             3 - Round-robin between multiple hosts
>
>             4 - Failover between multiple hosts
>
>            Please select: 1
>
>            Please enter host address: ldap-test-server
>
> [ INFO  ] Trying to resolve host 'ldap-test-server'
>
>            NOTE:
>
>            It is highly recommended to use secure protocol to access the
> LDAP server.
>
>            Protocol startTLS is the standard recommended method to do so.
>
>            Only in cases in which the startTLS is not supported,
> fallback to non standard ldaps protocol.
>
>            Use plain for test environments only.
>
>            Please select protocol to use (startTLS, ldaps, plain)
> [startTLS]: plain
>
> [ INFO  ] Connecting to LDAP using 'ldap://ldap-test-server:389'
>
> [ INFO  ] Connection succeeded
>
>            Enter search user DN (empty for anonymous):
> uid=ovirt-test,ou=Special Users,dc=test
>
>            Enter search user password:
>
> [ INFO  ] Attempting to bind using 'uid=ovirt-test,ou=Special Users,dc=test'
>
> [ INFO  ] Stage: Setup validation
>
>            NOTE:
>
>            It is highly recommended to test drive the configuration
> before applying it into engine.
>
>            Perform at least one Login sequence and one Search sequence.
>
>            Select test sequence to execute (Done, Abort, Login, Search)
> [Abort]: Login
>
>            Enter search user name: uid=ovirt-test,ou=Special Users,dc=test
>
>            Enter search user password:
>
> [ INFO  ] Executing login sequence...
>
>            Login output:
>
>            2016-01-15 15:13:25 INFO
> ========================================================================
>
>            2016-01-15 15:13:25 INFO    ============================
> Initialization ============================
>
>            2016-01-15 15:13:25 INFO
> ========================================================================
>
>            2016-01-15 15:13:25 INFO    Loading extension 'LDAP-authn'
>
>            2016-01-15 15:13:25 INFO    Extension 'LDAP-authn' loaded
>
>            2016-01-15 15:13:25 INFO    Loading extension 'LDAP-authz'
>
>            2016-01-15 15:13:25 INFO    Extension 'LDAP-authz' loaded
>
>            2016-01-15 15:13:25 INFO    Initializing extension 'LDAP-authn'
>
>            2016-01-15 15:13:25 INFO
> [ovirt-engine-extension-aaa-ldap.authn::LDAP-authn] Creating LDAP pool
> 'authz'
>
>            2016-01-15 15:13:25 WARNING
> [ovirt-engine-extension-aaa-ldap.authn::LDAP-authn] Cannot initialize
> LDAP framework, deferring initialization. Error: An error occurred while
> attempting to connect to server ldap-test-server:389:
> java.io.IOException: LDAPException(resultCode=91 (connect error),
> errorMessage='An error occurred while attempting to establish a
> connection to server
> ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389:
> java.net.UnknownHostException: ldap-test-server') caused by
> LDAPException(resultCode=91 (connect error), errorMessage='An error
> occurred while attempting to establish a connection to server
> ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389:
> java.net.UnknownHostException:
> ldap-test-server')LDAPException(resultCode=91 (connect error),
> errorMessage='An error occurred while attempting to establish a
> connection to server
> ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389:
> java.net.UnknownHostException: ldap-test-server') caused by
> java.net.UnknownHostException: ldap-test-server
>
>            2016-01-15 15:13:25 INFO    Extension 'LDAP-authn' initialized
>
>            2016-01-15 15:13:25 INFO    Initializing extension 'LDAP-authz'
>
>            2016-01-15 15:13:25 INFO
> [ovirt-engine-extension-aaa-ldap.authz::LDAP-authz] Creating LDAP pool
> 'authz'
>
>            2016-01-15 15:13:25 WARNING
> [ovirt-engine-extension-aaa-ldap.authz::LDAP-authz] Cannot initialize
> LDAP framework, deferring initialization. Error: An error occurred while
> attempting to connect to server ldap-test-server:389:
> java.io.IOException: LDAPException(resultCode=91 (connect error),
> errorMessage='An error occurred while attempting to establish a
> connection to server
> ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389:
> java.net.UnknownHostException: ldap-test-server') caused by
> LDAPException(resultCode=91 (connect error), errorMessage='An error
> occurred while attempting to establish a connection to server
> ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389:
> java.net.UnknownHostException:
> ldap-test-server')LDAPException(resultCode=91 (connect error),
> errorMessage='An error occurred while attempting to establish a
> connection to server
> ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389:
> java.net.UnknownHostException: ldap-test-server') caused by
> java.net.UnknownHostException: ldap-test-server
>
>            2016-01-15 15:13:25 INFO    Extension 'LDAP-authz' initialized
>
>            2016-01-15 15:13:25 INFO    Start of enabled extensions list
>
>            2016-01-15 15:13:25 INFO    Instance name: 'LDAP-authn',
> Extension name: 'ovirt-engine-extension-aaa-ldap.authn', Version:
> '1.1.2', Notes: 'Display name:
> ovirt-engine-extension-aaa-ldap-1.1.2-1.el7.centos', License: 'ASL 2.0',
> Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build
> interface Version: '0',  File:
> '/tmp/tmpM8fPs4/extensions.d/LDAP-authn.properties', Initialized: 'true'
>
>            2016-01-15 15:13:25 INFO    Instance name: 'LDAP-authz',
> Extension name: 'ovirt-engine-extension-aaa-ldap.authz', Version:
> '1.1.2', Notes: 'Display name:
> ovirt-engine-extension-aaa-ldap-1.1.2-1.el7.centos', License: 'ASL 2.0',
> Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build
> interface Version: '0',  File:
> '/tmp/tmpM8fPs4/extensions.d/LDAP-authz.properties', Initialized: 'true'
>
>            2016-01-15 15:13:25 INFO    End of enabled extensions list
>
>            2016-01-15 15:13:25 INFO
> ========================================================================
>
>            2016-01-15 15:13:25 INFO    ==============================
> Execution ===============================
>
>            2016-01-15 15:13:25 INFO
> ========================================================================
>
>            2016-01-15 15:13:25 INFO    Profile='LDAP' authn='LDAP-authn'
> authz='LDAP-authz' mapping='null'
>
>            2016-01-15 15:13:25 INFO    API:
> -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS
> user='uid=ovirt-test,ou=Special Users,dc=test'
>
>            2016-01-15 15:13:25 INFO
> [ovirt-engine-extension-aaa-ldap.authn::LDAP-authn] Creating LDAP pool
> 'authz'
>
>            2016-01-15 15:13:25 WARNING
> [ovirt-engine-extension-aaa-ldap.authn::LDAP-authn] Cannot initialize
> LDAP framework, deferring initialization. Error: An error occurred while
> attempting to connect to server ldap-test-server:389:
> java.io.IOException: LDAPException(resultCode=91 (connect error),
> errorMessage='An error occurred while attempting to establish a
> connection to server
> ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389:
> java.net.UnknownHostException: ldap-test-server') caused by
> LDAPException(resultCode=91 (connect error), errorMessage='An error
> occurred while attempting to establish a connection to server
> ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389:
> java.net.UnknownHostException:
> ldap-test-server')LDAPException(resultCode=91 (connect error),
> errorMessage='An error occurred while attempting to establish a
> connection to server
> ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389:
> java.net.UnknownHostException: ldap-test-server') caused by
> java.net.UnknownHostException: ldap-test-server
>
>            2016-01-15 15:13:25 SEVERE  An error occurred while
> attempting to connect to server ldap-test-server:389:
> java.io.IOException: LDAPException(resultCode=91 (connect error),
> errorMessage='An error occurred while attempting to establish a
> connection to server
> ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389:
> java.net.UnknownHostException: ldap-test-server') caused by
> LDAPException(resultCode=91 (connect error), errorMessage='An error
> occurred while attempting to establish a connection to server
> ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389:
> java.net.UnknownHostException:
> ldap-test-server')LDAPException(resultCode=91 (connect error),
> errorMessage='An error occurred while attempting to establish a
> connection to server
> ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389:
> java.net.UnknownHostException: ldap-test-server') caused by
> java.net.UnknownHostException: ldap-test-server
>
> [ ERROR ] Sequence failed
>
>            Select test sequence to execute (Done, Abort, Login, Search)
> [Abort]:
>
> [ ERROR ] Failed to execute stage 'Setup validation': Aborted by user
>
> [ INFO  ] Stage: Clean up
>
>            Log file is available at
> /tmp/ovirt-engine-extension-aaa-ldap-setup-20160115151231-o0d7hp.log:
>
> [ INFO  ] Stage: Pre-termination
>
> [ INFO  ] Stage: Termination
>
>
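A way to check for the condition option 1 above addresses, as an added example that is not part of the original messages or of the oVirt project's code: it classifies resolver output as IPv4, IPv6 or both, reads the effective value of `pool.default.socketfactory.resolver.supportIPv6` from a profile file, and reports whether the line from the reply is still missing. The function names are hypothetical, the resolver output is assumed to be in `getent ahosts` format on stdin, and the properties parsing is simplified (last assignment wins, `#`/`!` comment lines skipped).

```shell
#!/bin/sh
# Added example (hypothetical helper names), following the advice in the reply.
# Usage: getent ahosts ldap-test-server | \
#        diagnose /etc/ovirt-engine/aaa/ldap-test-server.properties
KEY='pool.default.socketfactory.resolver.supportIPv6'

# Classify `getent ahosts`-style lines on stdin: prints v4, v6, dual or none.
addr_families() {
    awk '
        $1 ~ /:/                               { v6 = 1; next }
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { v4 = 1 }
        END {
            if (v4 && v6) print "dual"
            else if (v6)  print "v6"
            else if (v4)  print "v4"
            else          print "none"
        }'
}

# Print the effective value of KEY in the properties file $1 (empty if unset).
prop_value() {
    awk -v key="$KEY" '
        /^[ \t]*[#!]/ { next }                 # comment line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, key) != 1) next    # some other key
            rest = substr(line, length(key) + 1)
            # the key must be followed by a separator, not more key characters
            if (rest !~ /^[ \t]*[=:]/ && rest !~ /^[ \t]+/) next
            sub(/^[ \t]*[=:]?[ \t]*/, "", rest)
            sub(/[ \t\r]+$/, "", rest)
            val = rest                         # last assignment wins
        }
        END { print val }' "$1"
}

# stdin: resolver output; $1: profile properties file.
# Prints ok, set-supportIPv6 or unresolvable.
diagnose() {
    fam=$(addr_families)
    val=$(prop_value "$1")
    case "$fam" in
        none) echo "unresolvable" ;;
        v6)   if [ "$val" = "true" ]; then echo "ok"; else echo "set-supportIPv6"; fi ;;
        *)    echo "ok" ;;
    esac
}
```

This covers option 1 only; a profile created with "Use DNS" answered "no" (option 2) is not examined.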


